Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files. When a malicious file is detected, that file is blocked so that no one can open, copy, move, or share it until further actions are taken by the organization's security team. Read this article to turn on ATP for SharePoint, OneDrive, and Teams, set up alerts to be notified about detected files, and take your next steps.

To define (or edit) ATP policies, you must be assigned an appropriate role. Some examples are described in the following table:

Turn on ATP for SharePoint, OneDrive, and Microsoft Teams

Before you begin this procedure, make sure that audit logging is already turned on for your Office 365 environment. This is typically done by someone who has the Audit Logs role assigned in Exchange Online. For more information, see Turn Office 365 audit log search on or off.